admin

0 Comments
Jul 12, 2024NewsroomCyber Crime / Online Safety Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a “complex” law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media
0 Comments
A County in Indiana, US, has filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services. Clay County made the declaration after confirming the incident has resulted in an inability to operate Clay County Courthouse and Clay County Probation/Community Corrections facilities. The July 11 declaration
0 Comments
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to “nearly all” of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network. “Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25,
0 Comments
The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure Security Agency (CISA) and FBI was issued in response to several high-profile threat actor campaigns in 2024 that exploited OS command injection defects in network edge devices to compromise
0 Comments
Jul 11, 2024NewsroomVulnerability / Enterprise Security Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that
0 Comments
A recent surge in fraudulent smishing attacks impersonating India Post, the government-operated postal system, has prompted warnings from Indian authorities and cybersecurity experts.  The Press Information Bureau (PIB) issued alerts in June urging vigilance against suspicious messages falsely claiming to be from India Post, part of India’s Ministry of Communications. This tactic, known as smishing,
0 Comments
Jul 10, 2024NewsroomData Breach / Malware A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious
0 Comments
Jul 09, 2024NewsroomVulnerability / Network Security Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. “The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks,” InkBridge
0 Comments
Cybersecurity researchers have uncovered a new advanced persistent threat (APT) targeting Russian government entities, dubbed CloudSorcerer.  This sophisticated cyberespionage tool, discovered by Kaspersky in May 2024 and discussed in an advisory published by the firm on June 8, is designed for stealth monitoring, data collection and exfiltration, utilizing Microsoft Graph, Yandex Cloud and Dropbox for
0 Comments
Jul 08, 2024NewsroomCyber Espionage / Cloud Security A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that
0 Comments
Brazil’s National Data Protection Authority (ANPD) has issued a preventive measure halting Meta’s processing of personal data for the training of artificial intelligence (AI) systems.  The action comes in response to concerns over the company’s updatedprivacy policy, which permits the use of publicly available data and user-generated content from platforms like Facebook, Messenger and Instagram
0 Comments
Jul 05, 2024The Hacker NewsCloud Security / Attack Surface The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s
0 Comments
The EU Commission has opened applications for over €210m ($227.3m) in funding for cybersecurity and digital skills programs. The latest funding round of the Digital Europe Programme (DEP) will provide €35m ($37.8m) to projects protecting large industrial installations and critical infrastructures. A further €35m will be used for the deployment of state-of-the-art cybersecurity technologies and
0 Comments
Vinted, the leading online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for breaching the EU’s General Data Protection Regulation (GDPR) in relation to personal data deletion requests. The fine was issued on July 2 by the Lithuanian Data Protection Office (VDAI), the country where Vinted UAB’s global headquarters are based. It follows a
0 Comments
Jul 05, 2024The Hacker NewsCybersecurity / Identity Protection Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off guard. Join us for a groundbreaking
0 Comments
Europol has released a position paper today highlighting significant challenges posed by privacy enhancing technologies (PET) in home routing to lawful interception by law enforcement.  The report emphasizes that home routing, which allows telecommunications service providers to maintain services for customers traveling abroad by routing communications through the home network, creates barriers for law enforcement
0 Comments
Jul 04, 2024NewsroomVulnerability / Critical Infrastructure Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. “The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load
0 Comments
WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today.  The advisory references a Polyfill supply chain attack initially reported on June 25 by Sansec. This attack targets Polyfill.js, a widely used JavaScript library that enables modern functionality on older web browsers lacking native
0 Comments
Jul 03, 2024The Hacker NewsOSINT / Artificial Intelligence Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that
0 Comments
Election 2024 mobile political spam volumes have seen a threefold increase compared with 2022 midterms.  The data comes from recent research by Proofpoint, which also suggests that US voters increasingly turn to digital platforms for information, making them more susceptible to cybercriminal activities.  With 60% of US adults preferring digital media for news and 86% using